CRITICALSTART conducted a survey of more than 50 Security Operations Center (SOC) professionals across enterprises, Managed Security Services Providers (MSSP) and Managed Detection & Response (MDR) providers to evaluate the state of incident response within SOCs. The survey was fielded Q2 2019.
The report and analysis are based on the responses received from this sample with comparisons drawn to the same questions asked in the company’s 2018 report.
This year’s report revealed that SOC analysts continue to face an overwhelming number of alerts each day that are taking longer to investigate, resulting in many SOC analysts believing their primary job responsibility is to “reduce the time it takes to investigate alerts.”
To cope with the onslaught of alerts, managed security providers simply try to hire more analysts or direct existing ones to ignore certain types of alerts and turn off key features that generate too many alerts – negatively impacting business models and leaving enterprises more susceptible to attacks. The most striking finding is the direct toll the alert overload problem is having on SOC analyst retention.
CRITICALSTART® and MOBILESOC® are federally registered trademarks owned by Critical Start. Critical Start also claims trademark rights in the following: Cyber Operations Risk & Response™ platform, and Trusted Behavior Registry®. Any unauthorized use is expressly prohibited.